The starting function
main is in the file
Command-line arguments are parsed by
The packet capture engine is powered by the pcap library, that
handles, with the function
pcap_loop the callback loop function
When a packet has been captured by
pcap_loop it will be
calculated the offset of the ip header (
ippacket), the offset
of the tcp header (
tcppacket). Finally the function
verify.c) will be called to analyze the packet.
Packet offset and size are declared globally (
globals.h) not to allocate the stack every time a function that
works on the packet is called
The source code that contains the function
verify begins with
#define's used to verify if a sniffed packet match an
inizialized connection (or else if it creates a new one).
All connections tracked are stored in a linked list (i hope I will be able to replace it with an efficient balanced tree).
struct host_descriptor_t describes one side of the tcp
connection (the server or the client). The function
detects the changes of the status of the tracked connection and update
it with the function
calls the function
display_status to notify the user of this
change and deletes the connection if it is
When data are transmitted (
IS_DATA_FLOW) the function
verify.c) is called.
This function detects if the
packet is an acknowledgment one or a data one.
packets are stored in a linked-list
by the function
When data are acknowledged by
fragments.c) is called.
flush_ack acknowledged data are flushed
to an output stream (display or file)
by the function
is used to select the format of the
data wished by the user.